Combating I.T. Resources Misuse and Hacking: Guidelines
With the ever-increasing reliance on information technology for storing, processing and retrieving data, serious attention must be paid to the problems of inappropriate use of IT resources, unauthorized access to files and systems (hacking), and the injection of defects (viruses) intended to lead to the corruption or collapse of systems.
The ICT Service has established the following "good practices" guidelines to reduce the risk of such interference.
- Passwords must conform to the complexity requirements laid down in the Strong Password Policy.
- Passwords should never be disclosed, and it is strongly suggested that users change their password frequently, at least every 3-6 months. The login/password combination identifies a single individual and is reserved for that individual, who is personally responsible for it.
- Passwords should not be composed of names or other terms that are easy to guess or generate automatically (such as any dictionary entry). Ideally, passwords should be easy for the owner to remember (without having to write them down) but difficult for anyone else to guess. To give you an idea, here are two suggestions: you could 1) take the first words of a fairy tale, a song, etc. and form your password from the initials, varying the spelling (upper/lower case letters, introducing numbers, etc.); or 2) take some of the initials of persons you know together with their month of birth (typed as a digit). It is recommended that you adopt passwords which are easy to use even when changing from QWERTY and AZERTY to other keyboards.
- Workstations should never be left unattended while logged in.
- No information containing one's password should be stored locally on a public workstation.
- Users should not attempt to deal with hackers or hacking themselves but should instead report any suspicious activity to ICT staff, preferably to the nearest ICT User Support Office.